I am trying to integrate our On-Premise AD RMS Cluster with Windows Live ID support; however, when I attempt to enable it via PowerShell (the "Trust Windows Live ID" option in the GUI is missing), I receive the error:
"Import-RmsTUD : Trusting external Microsoft accounts is not supported under AD RMS cryptographic mode 2."
How do I get around this? I don't think switching to cryptographic mode 1 is even an option...
Unfortunately, using WLID is not an available option when you have deployed Cryptographic Mode 2. If you have implemented Trusted User Domains (which is what you do when you enable WLID) or Trusted Publishing Domains with AD RMS clusters in different Active Directory forests, all clusters must be updated to Cryptographic Mode 2, which is why that option is unavailable for you. As you mentioned, there is currently no way to roll back to Cryptographic Mode 1 after deploying Mode 2.